FEATURE
BUSINESS CRIME & PROTECTION
Defence in breadth rather than depth
By Kevin Else (pictured), director at Cyber Security Partners
50 business network June 2021

You don’t need me to tell you that cyber-crime is a significant threat to businesses or that it’s an increasing part of all business crime. The problem is often defining the threat, where it’s coming from and not only how to prevent it, but how to capture the fact that it happened.

Information crime is not new. Competitors have always wanted to find out what your company is doing. Information has a value – whether the information is your customers’ names, details of your products or details of your contracts, there is a value both to your organisation and to others too. We’ve also seen the availability of that information has a value to your organisation, with such crimes as ransomware, so even if the information isn’t released to competitors or the general public, a lack of information can have a serious effect on your bottom line.

DEFENDING AGAINST INFORMATION CRIME WITH TECHNOLOGY AND PEOPLE

The initial approach to information security has always been to build walls and levels of protection across the organisation to prevent leakage of information. The problem is, for you to do your business, you have to create holes in the walls. Otherwise the information is not available for you to carry out your normal business functions.

Even monitoring the gaps in the walls doesn’t always prevent cyber-crime. Threats can come from inside the organisation, whether malicious or accidental. Breaches in the walls protecting the information can arise, so a much more holistic approach is required.

Technology is part of the answer and so are people. The day-to-day users of the information are the ones who will recognise an unusual pattern of events a lot more quickly than a piece of technology. Getting your users onside as part of your monitoring is a key method of preventing information theft. Utilising your users as first-line monitoring, and giving them a level of responsibility in the surveillance of that information access, provides you with an extremely powerful level of protection.
WHERE TO BEGIN

So how do you build a skill set within your employee users? Yes, there is awareness training, and reviewing the latest scam and spam techniques, but to truly have them focus on how your information is accessed as an organisation, you need to understand the value of the information that you hold. You need to consider the business impact of either not having that information or it being released to someone who should not have access to it. There are multiple stages to be able to build this:
1. Understand the value of the information you hold. This is not the value to anyone outside of your organisation but the value of that information to your organisation.
2. Carry out a business impact assessment. What if the information is not available through a ransomware attack, or if only part of your information is available?
3. Define the threats and where they are coming from. That can be as simple as saying there are inside and outside threats. Then establish how likely those threats are so you can build appropriate mitigating controls. These controls can be both technical and non-technical, either to help prevent the threat or, from a resilience point of view, to define the process of how you recover from the information either being released or not being available to you.
4. Marry the business impact and the threat assessment together to highlight where your main risks are.
5. Finally, make sure your users are aware of those risks. This isn’t making them aware of general security risks but the specific risks to your organisation and its data. There is a place for general security awareness training, but unless you can directly relate it to your users’ day-to-day operations, it will not become part of their business as usual.
Follow the above advice to ensure that your organisation can reduce the threat of cyber-crime and build protection within your business.